search

killent / flexigrid

Automatically exported from code.google.com/p/flexigrid
0 stars 0 forks source link

Pass column names to server script #29

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
I think it would be good for a future release of Flexigrid to provide an option 
for the script to pass the column names through to the server-side script. The 
colModel part of the script is formatted like this:
colModel: [display: 'ID', name: 'CUSTOMER.CUST_ID' ...etc...] for each of the 
columns required in the table. Since the 'name' part of the column corresponds 
to a column that would be in the query to the database, I was thinking you 
could pass all of these column names to the server-side script so that the 
query could be completely dynamic, rather than needing to type in a individual 
query for every table you need generated. This would allow you to use a single 
file to dynamically generate the XML or JSON for every table that you would 
need generated, rather than using a single file and specifying the query for 
each table, or using separate files and still needing to type each query 
manually.

An option could be put into the Flexigrid setup like boolean 'sendColumns' and 
if it is true then the script would send all the column names to the 
server-side script when the ajax call is made (possibly in an array for easy 
iteration). Or you could have it as an option for each column separately, if 
you wanted to be that specific to only send some columns.

I would post specific code, but I don't know how to do much plug-in coding with 
jQuery. Hopefully I described this well enough to be understood.

Original issue reported on code.google.com by kro...@wwtele.com on 29 Apr 2011 at 1:40

GoogleCodeExporter commented 9 years ago 
http://groups.google.com/group/flexigrid/msg/8051beca81894939

Original comment by ymkin....@gmail.com on 29 Apr 2011 at 9:34

GoogleCodeExporter commented 9 years ago 
After talking with Paulo and others and although we understand the desire for 
this feature, this isn't an adjustment that we'll be applying to the trunk for 
2 reasons:
1) There would be a marginal performance hit for introducing this feature, and 
any performancing-hindering feature needs to have a target-audience of > 1% of 
our userbase.
2) This feature could be maliciously used to snoop SQL-injection 
vulnerabilities. Though the server-side code could certainly be designed to 
prevent against this, lazy coding habits would certainly introduce this 
possibility (ala PHP's register_globals from PHP3/4 being on by default).

Because of these issues, this feature won't be pursued. You could sponsor 
development of this feature from one of the developers, but you'll need to keep 
applying the code changes to all future releases if you go this route.

Original comment by eric.caron on 30 Apr 2011 at 9:05

GoogleCodeExporter commented 9 years ago 
I can understand that, but the code that was posted in the linked forum post 
works perfectly for me. So if anyone else wants to do the same, the code posted 
there works well as far as I can see. You just have to do some manipulation on 
the server side to get the column names pulled out of the string of columns.

Original comment by kro...@wwtele.com on 30 Apr 2011 at 9:10